By kannthu
The "Laravel Debug Enabled" module is designed to detect misconfigurations in Laravel applications where the APP_DEBUG setting is enabled. This module targets Laravel, a popular PHP framework used for web application development. The severity of this module is classified as medium.
Author: notsoevilweasel
When the APP_DEBUG setting is enabled in Laravel, verbose error messages may be displayed. This can potentially expose sensitive information about the application's code and configuration, making it easier for attackers to identify vulnerabilities and exploit them.
The "Laravel Debug Enabled" module works by sending an HTTP GET request to the /_ignition/health-check endpoint of the target Laravel application. It then applies matching conditions to determine if the application has debug mode enabled.
The matching conditions for this module are as follows:
- The response body must contain the word can_execute_commands.
- The response status code must be 200.
If both conditions are met, the module will report a misconfiguration, indicating that Laravel's debug mode is enabled.
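The two matchers above can be reproduced when auditing a deployment you operate. The following is an added example, not the module's own code; the function names and the sample responses are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request

HEALTH_CHECK_PATH = "/_ignition/health-check"  # endpoint named in the module description
MARKER = "can_execute_commands"                # word the body matcher looks for


def debug_enabled(status: int, body: str) -> bool:
    """Both matchers must hold: status code 200 AND the marker word in the body."""
    return status == 200 and MARKER in body


def fetch_health_check(base_url: str, timeout: float = 5.0) -> tuple[int, str]:
    """Send the single GET request and return (status, body), also for HTTP errors."""
    url = base_url.rstrip("/") + HEALTH_CHECK_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        # 4xx/5xx responses still carry a status and body the matchers can judge.
        return err.code, err.read().decode("utf-8", errors="replace")


def audit(base_url: str) -> str:
    """Check one of your own applications and describe the finding."""
    status, body = fetch_health_check(base_url)
    if debug_enabled(status, body):
        return f"{base_url}: debug mode appears enabled; set APP_DEBUG to false"
    return f"{base_url}: no match (status {status})"


# Constructed sample responses, not captured from a real application.
SAMPLES = {
    "debug on": (200, '{"can_execute_commands": true}'),
    "marker with error status": (500, '{"can_execute_commands": true}'),
    "200 without marker": (200, "<html><body>Welcome</body></html>"),
    "endpoint absent": (404, "Not Found"),
}


def classify_samples() -> dict[str, bool]:
    """Apply the matchers to every constructed sample."""
    return {name: debug_enabled(s, b) for name, (s, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:26} -> {'misconfigured' if hit else 'no finding'}")
```

Only the first sample is reported, since a match on one condition alone is not a finding.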
Remediation: Disable Laravel's debug mode by setting the APP_DEBUG configuration option to false.
Metadata: max-request: 1